/*
 * 文件名：AuthenticationFilter.java
 * 版权：Copyright by www.huawei.com
 * 描述：
 * 修改人：ZhangBo
 * 修改时间：2012-4-27
 * 跟踪单号：
 * 修改单号：
 * 修改内容：
 */

package com.chinasoftosg.sicap.controller.filter;

import java.io.IOException;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.chinasoftosg.sicap.pojo.Rights;
import com.chinasoftosg.sicap.utils.CommonUtil;
import com.chinasoftosg.sicap.utils.ConstantUtil;
import com.chinasoftosg.sicap.utils.bean.AdminInfoBean;

public class AuthenticationFilter implements Filter
{
    
    public void destroy()
    {
    }
    
    public void doFilter(ServletRequest servletRequest,
            ServletResponse servletResponse, FilterChain chain)
            throws IOException, ServletException
    {
        HttpServletRequest request = (HttpServletRequest)servletRequest;
        HttpServletResponse response = (HttpServletResponse)servletResponse;
        
        HttpSession session = request.getSession();
        //用户访问RequestURI
        String requestURI = request.getRequestURI();
        System.out.println("requestURI:"+requestURI);
        if (!ConstantUtil.NOT_LOGIN_URI.contains(requestURI))
        {
            //判断用户是否登录
            AdminInfoBean adminInfoBean = (AdminInfoBean)session.getAttribute(ConstantUtil.ADMININFO_BEAN);
            if (null == adminInfoBean)
            {
                response.sendRedirect("/login.jsp");
            }
            else
            {
                //如果角色Id不是超级管理员(roleId不为1),则进行权限认证
//                if (CommonUtil.isEmpty(adminInfoBean.getAdminInfo())
//                        && adminInfoBean.getAdminInfo().getRoleId() != 1)
//                {
//                    //权限认证
////                    if (authentication(request, response))
////                    {
////                        chain.doFilter(request, response);
////                    }
////                    else
////                    {
////                        response.sendRedirect("authentication.html");
////                    }
//                }
                chain.doFilter(request, response);
            }
        }else{
            chain.doFilter(request, response);
        }
        
    }
    
    public void init(FilterConfig filterConfig) throws ServletException
    {
    }
    
    private boolean authentication(HttpServletRequest request,
            HttpServletResponse response) throws IOException
    {
        String requestURI = request.getRequestURI();
        HttpSession session = request.getSession();
        AdminInfoBean adminInfoBean = (AdminInfoBean)session.getAttribute(ConstantUtil.ADMININFO_BEAN);
        List<Rights> list = adminInfoBean.getRights();
        
        for (int i = 0; i < list.size(); i++)
        {
            Rights rights = list.get(i);
            if (requestURI.equals(rights.getRightsURI()))
            {
                return true;
            }
        }
        return false;
    }
    
}
